Debian: DSA-5717-1: php8.2 Security Advisory Updates
It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL). For the stable distribution (bookworm), this problem has been fixed in
Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike, discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Site Scripting (XSS) attacks.
WordPress 6.6 Beta 3 is here! Please download and test it.
This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites—you risk unexpected results if you do.
Instead, test Beta 3 on a local site or a testing environment in any of these four ways:
Plugin | Install and activate the WordPress Beta Tester plugin on a WordPress install. (Select the “Bleeding edge” channel and “Beta/RC Only” stream). |
---|---|
Direct Download | Download the Beta 3 version (zip) and install it on a WordPress website. |
Command Line | Use this WP-CLI command: `wp core update --version=6.6-beta3` |
WordPress Playground | Use a 6.6 Beta 3 WordPress Playground instance to test the software directly in your browser. This might be the easiest way ever—no separate sites, no setup. Just click and go! |
The target release date for WordPress 6.6 is July 16, 2024. Your help testing Beta and RC versions over the next four weeks is vital to making sure the final release is everything it should be: stable, powerful, and intuitive.
If you run into an issue, please share it in the Alpha/Beta area of the support forums. If you are comfortable submitting a reproducible bug report, you can do so via WordPress Trac. You can also check your issue against a list of known bugs.
The WordPress community sponsors a financial reward for reporting new, unreleased security vulnerabilities. That reward doubles between Beta 1, which landed June 4, and the final Release Candidate (RC), which will happen July 9. Please follow the project’s responsible-disclosure practices detailed on this HackerOne page and in this security white paper.
Catch up with what’s new in 6.6: check out the Beta 1 announcement for the highlights.
Beta 3 packs in more than 50 updates to the Editor since the Beta 2 release, including 39 tickets for WordPress core:
The beta cycle is all about fixing the bugs you find in testing.
Do you build themes? Feedback from testing has already prompted a change in the way you offer style variations to your users.
In Beta 1, if you made preset style variations for your theme, it automatically generated a full set of color-only and type-only options your users could mix and match across the different variations.
In Beta 3, your theme no longer generates those options automatically—you do. So you can present a simpler set of choices, curated to guide users’ efforts to more pleasing results. For more insight into the rationale, see this discussion.
Thanks again for this all-important contribution to WordPress!
Props to @meher, @rmartinezduque, @atachibana, and @mobarak for collaboration and review.
Beta ends at 3
One more week, then comes RC
When we freeze the strings!
A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.
2,584 attendees participated in the 12th annual WordPress event in Europe, held at the Lingotto Conference and Exhibition Centre in Torino, Italy.
From June 13-15, 2024, WordPress enthusiasts from across the globe gathered in Torino to explore and celebrate the world’s most popular web platform. A dedicated team of 250 volunteers, led by WordCamp veterans Wendie Huis in ‘t Veld, Juan Hernando, and Takis Bouyouris, organized and produced the event.
Contributor Day brought together 726 contributors working across 25 teams to support the WordPress project. Their accomplishments included translating 79,059 “strings” for the WordPress user interface across 29 languages, updating documentation for the forthcoming 6.6 release, onboarding new contributors for the support forums and testing teams, and identifying ways to improve plugin security.
Joost de Valk and Juliette Reinders Folmer delivered the event’s opening keynote address on sustaining open source software projects. Their keynote covered funding open source, contributing beyond code, and convincing buyers in commercial enterprises that open source is a viable alternative to proprietary platforms.
Friday and Saturday saw 60 presentations and workshops held across three tracks. Topics included WordPress development, accessibility, design, business, community, artificial intelligence, and cybersecurity.
A youth workshop gave younger attendees hands-on opportunities to build WordPress websites, explore new tech, and learn about internet safety. Meanwhile, a wellness-themed track included yoga lessons and walking tours of Torino, encouraging attendees to step away from their screens and explore the beauty of this year’s host city.
WordPress Cofounder Matt Mullenweg shared a mid-year project update on WordPress and concluded by fielding questions from the audience on various topics, from Gutenberg Phases to the WordPress Playground, and acknowledging a request to escalate a bug fix.
Matt’s presentation highlighted the success of the contributor mentorship program and WCEU Contributor Day, demoed Translate Live, and shared an update on the Data Liberation initiative.
Matt also covered the latest innovations with WordPress Playground, highlighted performance gains, and previewed features anticipated in future releases, like rollbacks for auto-updates and zoomed-out view.
Acknowledging an exciting new trend in the WordPress community, Mullenweg discussed “speed build challenges,” where onlookers watch WordPress experts build websites in real-time, showcasing tips, shortcuts, and best practices. One such event took place during a WCEU session, and in the Q&A portion of Matt’s presentation, he was invited to participate in one–an invitation he accepted!
Matt reflected on WordPress reaching its 21st anniversary since he and Mike Little launched the first version in 2003. He shared 11 things to ensure that WordPress remains sustainable for decades to come:
In their closing remarks, the event organizers expressed gratitude for the endorsements of the European Parliament, the city of Torino, and Turismo Torino, the regional tourism board. The volunteer team was celebrated for their hard work in producing the event.
Closing out a robust three days of programming, the organizing team announced that WordCamp Europe 2025 would be held in Basel, Switzerland, from June 5 to 7, 2025. The announcement was met with hearty applause and plans to meet in a year’s time.
WordPress events enable technologists, open source enthusiasts, and community members around the globe to meet, share ideas, and collaborate to drive WordPress and the open web forward.
Mark your calendars for WordCamp US (Portland, Oregon, United States), State of the Word (Tokyo), and next year’s WordCamp Asia in Manila!
This post is a collaboration between the contributors who produce content for wordpress.org/news and the WordCamp Europe Communications team.